package com.itheima.web.filters;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * Shiro authorization filter that lets a request through when the current subject
 * holds <em>at least one</em> of the permissions configured for the matched path.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li><b>OR semantics.</b> A single matching permission is sufficient. Shiro's stock
 *       {@code PermissionsAuthorizationFilter} requires every listed permission, so
 *       using this filter in its place widens access on any path that lists more
 *       than one permission. Confirm that this is the intended policy per path.</li>
 *   <li><b>Fail-open on missing configuration.</b> When no permission strings are
 *       configured for the path, the request is allowed and no permission check is
 *       made against the subject. A typo or an omitted value in the filter chain
 *       definition therefore results in an unprotected path rather than a denial.</li>
 * </ul>
 */
public class MyPermissionsAuthorizationFilter extends AuthorizationFilter {

    /**
     * Decides whether the request may proceed.
     *
     * @param request     the incoming servlet request
     * @param response    the outgoing servlet response
     * @param mappedValue the filter's path-specific configuration; cast to
     *                    {@code String[]} and treated as the list of acceptable
     *                    permission strings
     * @return {@code true} if no permissions are configured, or if the subject is
     *         permitted for any one of them; {@code false} otherwise
     * @throws IOException declared by the signature; nothing in this body throws it directly
     * @throws ClassCastException if {@code mappedValue} is non-null and not a {@code String[]}
     */
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        // Subject for this request. Per the original author's note, it carries the
        // permissions that were looked up from the database.
        Subject currentSubject = getSubject(request, response);

        // Permissions read from the filter configuration for the matched path.
        String[] requiredPerms = (String[]) mappedValue;

        // Nothing configured: allow unconditionally (fail-open, see class Javadoc).
        if (requiredPerms == null || requiredPerms.length == 0) {
            return true;
        }

        // Something is configured: the first permission the subject holds grants access.
        for (int i = 0; i < requiredPerms.length; i++) {
            if (currentSubject.isPermitted(requiredPerms[i])) {
                return true;
            }
        }

        // The subject holds none of the configured permissions.
        return false;
    }
}
